*** Settings ***


Documentation     Suite to test certificate via DMTF redfishtool.

Library           OperatingSystem
Library           String
Library           Collections

Resource          ../../lib/resource.robot
Resource          ../../lib/bmc_redfish_resource.robot
Resource          ../../lib/openbmc_ffdc.robot
Resource          ../../lib/certificate_utils.robot
Resource          ../../lib/dmtf_redfishtool_utils.robot

Suite Setup       Suite Setup Execution


*** Variables ***

# Base redfishtool command ("raw" subcommand); -S Always uses HTTPS for every request.
${root_cmd_args} =  SEPARATOR=
...  redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always


*** Test Cases ***


Verify Redfishtool Replace Server Certificate Valid CertKey
    [Documentation]  Verify replace server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Server  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace Client Certificate Valid CertKey
    [Documentation]  Verify replace client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace CA Certificate Valid Cert
    [Documentation]  Verify replace CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert

    Verify Redfishtool Replace Certificate  CA  Valid Certificate  ok


Verify Redfishtool Client Certificate Install Valid CertKey
    [Documentation]  Verify client certificate installation.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey

    Verify Redfishtool Install Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool CA Certificate Install Valid Cert
    [Documentation]  Verify CA Certificate installation.
    [Tags]  Verify_Redfishtool_CA_Certificate_Install_Valid_Cert

    Verify Redfishtool Install Certificate  CA  Valid Certificate  ok


Verify Redfishtool Replace Server Certificate Errors
    [Documentation]  Verify error while replacing invalid server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Server  Empty Certificate Empty Privatekey  error
    Server  Empty Certificate Valid Privatekey  error
    Server  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace Client Certificate Errors
    [Documentation]  Verify error while replacing invalid client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace CA Certificate Errors
    [Documentation]  Verify error while replacing invalid CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    CA  Empty Certificate  error


Verify Redfishtool Client Certificate Install Errors
    [Documentation]  Verify error while installing invalid client certificate.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Errors
    [Template]  Verify Redfishtool Install Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


Verify Redfishtool CA Certificate Install Errors
    [Documentation]  Verify error while installing invalid CA certificate.
    [Tags]  Verify_Redfishtool_CA_Certificate_Install_Errors
    [Template]  Verify Redfishtool Install Certificate

    # cert_type  cert_format  expected_status
    CA  Empty Certificate  error


Verify Error While Uploading Same CA Certificate Via Redfishtool
    [Documentation]  Verify error while uploading same CA certificate two times.
    [Tags]  Verify_Error_While_Uploading_Same_CA_Certificate_Via_Redfishtool

    # Create certificate file for uploading.
    ${cert_file_path}=  Generate Certificate File Via Openssl  Valid Certificate  365
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    # Install CA certificate.
    Redfishtool Install Certificate File On BMC  ${REDFISH_CA_CERTIFICATE_URI}  ok  data=${file_data}

    # Adding delay after certificate installation.
    Sleep  30s

    # Check error while uploading same certificate.
    Redfishtool Install Certificate File On BMC  ${REDFISH_CA_CERTIFICATE_URI}  error  data=${file_data}


Install Server Certificate Using Redfishtool And Verify Via OpenSSL
    [Documentation]  Install server certificate using Redfishtool and verify via OpenSSL.
    [Tags]  Install_Server_Certificate_Using_Redfishtool_And_Verify_Via_OpenSSL

    ${cert_file_path}=  Generate Certificate File Via Openssl  Valid Certificate Valid Privatekey
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_dict}=  Create Dictionary
    ...  @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1

    ${dict_objects}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}

    # Turn the dictionary into a JSON-style string (single quotes swapped for
    # double quotes) and wrap it in single quotes for the command line.
    ${string}=  Convert To String  ${dict_objects}
    ${string}=  Replace String  ${string}  '  "
    ${payload}=  Set Variable  '${string}'

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate

    Wait Until Keyword Succeeds  2 mins  15 secs  Verify Certificate Visible Via OpenSSL  ${cert_file_path}

*** Keywords ***


Verify Redfishtool Install Certificate
    [Documentation]  Install and verify certificate using Redfishtool.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}  ${delete_cert}=${True}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").
    # cert_format         Certificate file format
    # expected_status     Expected status of certificate install Redfishtool
    #                     request (i.e. "ok" or "error").
    # delete_cert         Certificate will be deleted before installing if this is True.

    Run Keyword If  '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
    ...  Delete All CA Certificate Via Redfishtool
    ...  ELSE IF  '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
    ...  Redfishtool Delete Certificate Via BMC CLI  ${cert_type}

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}

    ${cert_id}=  Redfishtool Install Certificate File On BMC
    ...  ${certificate_uri}  ${expected_status}  data=${file_data}
    Logging  Installed certificate id: ${cert_id}

    # Adding delay after certificate installation.
    Sleep  30s

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}

    ${bmc_cert_content}=  Run Keyword If  '${expected_status}' == 'ok'
    ...  Redfishtool GetAttribute  ${certificate_uri}/${cert_id}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'  Should Contain  ${cert_file_content}  ${bmc_cert_content}

    [Return]  ${cert_id}


Delete All CA Certificate Via Redfishtool
    [Documentation]  Delete all CA certificate via Redfish.

    ${cmd_output}=  Redfishtool Get  /redfish/v1/Managers/bmc/Truststore/Certificates
    ${json_object}=  To JSON  ${cmd_output}
    ${cert_list}=  Set Variable  ${json_object["Members"]}
    FOR  ${cert}  IN  @{cert_list}
      Redfishtool Delete  ${cert["@odata.id"]}  ${root_cmd_args}
    END


Redfishtool Delete Certificate Via BMC CLI
    [Documentation]  Delete certificate via BMC CLI.
    [Arguments]  ${cert_type}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}  ${certificate_service}  ${certificate_uri}=
    ...  Run Keyword If  '${cert_type}' == 'Client'
    ...    Set Variable  /etc/nslcd/certs/cert.pem  phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Set Variable  ${ROOT_CA_FILE_PATH}  phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}  ${stderr}  ${rc}=  BMC Execute Command
    ...  [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    Return From Keyword If  "${file_status}" != "Found"
    BMC Execute Command  rm ${certificate_file_path}
    BMC Execute Command  systemctl restart ${certificate_service}
    BMC Execute Command  systemctl daemon-reload


Redfishtool Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using POST operation.
    [Arguments]  ${uri}  ${status}=ok  &{kwargs}

    # Description of argument(s):
    # uri     URI for installing certificate file via Redfishtool.
    #         e.g. "/redfish/v1/AccountService/LDAP/Certificates".
    # status  Expected status of certificate installation via Redfishtool.
    #         e.g. error, ok.
    # kwargs  A dictionary of keys/values to be passed directly to
    #         POST Request.

    Initialize OpenBMC  20  ${quiet}=${1}  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    ${ret}=  Post Request  openbmc  ${uri}  &{kwargs}
    ${content_json}=  To JSON  ${ret.content}
    ${cert_id}=  Set Variable If  '${ret.status_code}' == '${HTTP_OK}'  ${content_json["Id"]}  -1

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions

    [Return]  ${cert_id}


Verify Redfishtool Replace Certificate
    [Documentation]  Verify replace server certificate.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type         Certificate type (e.g. "Client", "Server" or "CA").
    # cert_format       Certificate file format
    #                   (e.g. "Valid_Certificate_Valid_Privatekey").
    # expected_status   Expected status of certificate replace Redfishtool
    #                   request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    ${cert_id}=  Run Keyword If  '${cert_type}' == 'Client'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate Valid Privatekey  ok
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate  ok

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}

    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
    ${dict_objects}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}
    ${string}=  Convert To String  ${dict_objects}
    ${string}=  Replace String  ${string}  '  "
    ${payload}=  Set Variable  '${string}'

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_NOT_FOUND}

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  expected_error=${expected_resp}

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  Redfishtool GetAttribute  ${certificate_uri}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'
    ...    Should Contain  ${cert_file_content}  ${bmc_cert_content}
    ...  ELSE
    ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}


Redfishtool GetAttribute
    [Documentation]  Execute redfishtool for GET operation.
    [Arguments]  ${uri}  ${Attribute}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
    # Attribute       The specific attribute to be retrieved with the URI.
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc.).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
    ${json_object}=  To JSON  ${cmd_output}

    # Return the requested attribute from the JSON response.
    [Return]  ${json_object["${Attribute}"]}


Suite Setup Execution
    [Documentation]  Do suite setup execution.

    ${tool_exist}=  Run  which redfishtool
    Should Not Be Empty  ${tool_exist}

    # Create certificate sub-directory in current working directory.
    Create Directory  certificate_dir